I activated Audit logging for the Dialog API in my GCP Project, now i want to see if a new intent was added in the logs. But on the logging monitor is nothing
I have enabled audit logging on my dialog flow and was able to successfully create logs in Stackdriver Logging. To do this I went on the gear menu next to my project ID > in the bottom of the General page checked the box in log settings that says: log interactions to Google Cloud.
I also had to refresh my service account access token in the same menu next to the service account name. the service account is also the log writer its possible that it's token is outdated.
Related
I want to create a workflow that when even any user login to my azure portal I get a notification email with the user id that has logged in.
In General you can do this via AD audit logs streaming. To do this you need an Azure Active Directory P1 or P2 license
First of all go to Active Directory in Azure portal -> Monitoring -> Sign-ins
and click Export Data Settings. Create new diagnostic setting something like:
Make sure that you have selected SignInLogs. After that, login events will be sent to EventHub.
Finally, create an Azure Function that will be responsible for sending Email after an event triggered in the Event Hub.
https://learn.microsoft.com/en-us/azure/azure-functions/functions-bindings-event-hubs-trigger?tabs=csharp
I deploy an app to play store console but the app was rejected due to privacy policy concern, So I update the app with privacy policy link in App content in the play console account also update the app bundle with privacy policy and then create a new release and upload by clicking on 'Rollout to Production'.
I want to know that-
Should I do anything else to tell google that I update the app and also provide a privacy policy link in the app content or google automatically review my app again?
As you've added the privacy policy link in the play console and submitted the app for review in the production track, your app will be reviewed. You don't have to do anything else.
I am trying to set up resource owner password credentials flow in Azure AD B2C using https://learn.microsoft.com/en-us/azure/active-directory-b2c/configure-ropc
I followed the instructions on the page closely. When I try and log in using Postman, I get the error "AADB2C: An exception has occurred." There seems to be no way of seeing the details of the error, and the standard Azure audit logs are empty.
How do you find the details of these errors?
I have seen that you can configure application insights, but that requires a custom profile (which may be my only option)
Edit - I got it to work, turns out I had the wrong flow policy selected - so if you get this please make sure to triple check it! I would still consider this a bug or poor user experience though as there should be a way to actually debug the error yourself without having to contact Microsoft.
Read some awesome documentation about Azure AD B2C here. Then make sure you download Gaining Expertise with Azure AD B2C.
Check this section: Test and Debug a Custom Policy by Using Application Insights.
I'll paste the content here just in case:
You can use the detailed log information provided by Application
Insights to investigate any issues that might occur with a custom
policy. Use the following steps to configure IEF to send events
directly to Application Insights.
Using Visual Studio, open the SignUpOrSignIn.xml file.
Add the following attribute to the <TrustFrameworkPolicy> element.
DeploymentMode="Development" UserJourneyRecorderEndpoint="urn:journeyrecorder:applicationinsights"
Under the <RelyingParty> element, add the following <UserJourneyBehaviours> node immediately after <DefaultUserJourney ReferenceId="SignUpOrSignIn" /> element. Replace the bold text with your application Insight Key.
<UserJourneyBehaviors>
<JourneyInsights TelemetryEngine="ApplicationInsights" InstrumentationKey="Your Application Insight Instrumentation Key" DeveloperMode="true" ClientEnabled="false" ServerEnabled="true" TelemetryVersion="1.0.0" />
</UserJourneyBehaviors>
Note the following points:
DeveloperMode=true is good for development but constrained at high volumes because it tells Application Insights to expedite the telemetry through the processing pipeline.
ClientEnabled="true" will send client-side scripts to Application Insights, for tracking page view and client-side errors
ServerEnabled="true" will send the existing UserJourneyRecorder JSON as a custom event to Application Insights
...
Save the file.
Return to the Azure Portal and switch to your B2C tenant. Open the Azure AD B2C Blade and select Identity Experience Framework.
Select Upload policy and upload the SignUpOrSignIn.xml policy file. Select overwrite the policy if it exists.
Check the logs in Application Insights
Select the B2C_1A_signup_signin policy.
Select Run now.
Attempt to sign in as:
an invalid user (type a random email address). T
TestUser#AwesomeYourLastname.onmicrosoft.com but with the wrong password.
TestUser#AwesomeYourLastname.onmicrosoft.com using the correct password.
In the Azure portal, switch back to your Azure tenant, and open the DemoInsightsForCustomPolicies Application Insights resource.
In the Details/Overview menu, select Analytics.
Open a new tab inside the Application Insights web application.
Use any of the following example queries to view log information.
traces: See all of the logs generated by Azure AD B2C
traces | where timestamp > ago(1d): See all of the logs generated by Azure AD B2C for the last day
traces | count: See how many events have been generated
traces | render pie chart: Summarize the data as a pie chart
Note that you might have to wait for a few minutes before logs start appearing in Application Insights.
If necessary, you can download the query results and export them to CSV files if you need to perform a detailed analysis.
You can learn more about performing analytics with Application Insights here.
#######
Following these steps I was able to see the real exception message returned by B2C when executing a custom Password Reset policy. See below:
I tried this, it worked well. The following is my tried in the postman:
I have a web app in Azure. The access to that web app is controlled by Azure Active Directory. The app is up and running since September of last year. I didn't make any changes to the app for a while and have 33 users in that app.
So, a week ago I tried to add a user, using the same methods and paths I used before.
The new user can log in to microsoft (portal.office.com). After the initial log in and changing of the password the user goes to the web app in Azure and get the following error: You do not have permission to view this directory or page.
Error tracing gives me this:
HTTP Error 401.73 - Unauthorized You do not have permission to view
this directory or page.
Most likely causes: The authenticated user does not have access to a
resource needed to process the request.
Things you can try: Create a tracing rule to track failed requests for
this HTTP status code. For more information about creating a tracing
rule for failed requests, click here.
Detailed Error Information: Module EasyAuthModule_32bit
Notification BeginRequest Handler
ExtensionlessUrlHandler-Integrated-4.0 Error Code 0x80004005
Requested URL https://*******:80/.auth/login/aad/callback Physical
Path D:\home\site\wwwroot.auth\login\aad\callback Logon Method
Not yet determined Logon User Not yet determined
More Information: This is the generic Access Denied error returned by
IIS. Typically, there is a substatus code associated with this error
that describes why the server denied the request. Check the IIS Log
file to determine whether a substatus code is associated with this
failure. View more information ยป
Microsoft Knowledge Base Articles:
Another observed behavior: usually when new users are logging in the web app asks for permissions for the AD to access their account information. Ever since this problem came up this is not the case any more.
Other users do not have any problems logging in. This problem only happens with new users who never logged in before.
EDIT: When I go to Active Directory and look at sign ins, I see failures to log into the web app with sign-in error code 90092. Failure Reason: Other.
Microsoft help desk could not give me details on that error code.
Checkout the related question and answer here. All new users have to first consent the application (agree and give your application permissions to access their profile / or you indicated as required permissions).
In short, you have to design "sign-up" button for your application, which uses the "login_url" and appends "&prompt=consent" to the query string.
Read all related resources here to better understand the consent framework.
And please read the documentation about Azure App Service Authentication/Authorization here, as well as the Azure AD specific documentation here.
OMG, I just found an answer. I created a test app and set it up to mirror the settings of my live app.
In Required Permissions the new app had nothing for Microsoft Graph, the live app had 5 permissions. I deleted Microsoft Graph and it works now!
I wish Microsoft communicated better about discontinued API's. I did get an alert, but it was mostly talking about MS Office 365.
I am submitting an app for review on Facebook Developer Console. I have done everything required, however it is still telling me i need to 'test this permission in your app with any account listed in Roles before you can submit for review'.
I have logged into my app with the role i have provided. However this message still appears?